Tag: Top Secret

This paper explores the PLA’s theory of victory in modern warfare and its implications for how China plans to fight the United States. It is a primer on the theory’s foundational concepts, and on what the theory reveals about China’s strategic intent and ambitions.

(U) Executive Summary

(U//FOUO/RELIDO) China plans to defeat powerful adversaries by systematically targeting the linkages and nodes that hold an advanced network-centric force together as a cohesive whole. The PLA calls this theory of victory “systems attack and destruction warfare,” hereafter, “system attack.” Authoritative PLA doctrine emphasizes the importance of system attack as China’s “basic operational method” of warfare. System attack is perhaps best remembered as “the American way of war with Chinese characteristics,” since the PLA developed the concept based on observing U.S. military victories in the 1990s. Some of the PLA’s writings on systems attack are clearly aspirational, but this does not preclude the effectiveness of the approach, and the doctrine shows that the PLA is thinking seriously and realistically about how to defeat an advanced adversary. The requirements of system attack are actively driving PLA reform, acquisitions, operations and training, and the doctrine telegraphs how China intends to fight.

(U) China’s Theory of War: “Systems Confrontation”

• (U//FOUO/RELIDO) 1+1>2. Operational Systems are Greater Than the Sum of their Parts. Fundamental to China’s theory of victory is the PLA’s concept that modern military forces are “systems of systems” which are stronger and more efficient than their components would be in isolation because they are linked and networked together through communications and information systems architecture.

• (U//FOUO/RELIDO) Systems Confrontation: The PLA’s theory of modern warfare, therefore, is “systems confrontation,” or competition between these rival “systems of systems,” rather than as a linear contest between discrete units or services of competing armies.

(U//FOUO/RELIDO) Create the Conditions for Winning the War: Make 1+1<2. The PLA plans to defeat an advanced adversary by thoroughly fragmenting the adversary’s system into isolated component parts. The first step of systems attack, therefore, is to break the essential links and nodes that promote system cohesion in order to sow confusion, degrade communications and disorient adversary leadership. System attack’s ultimate goal is to paralyze the adversary force, degrading its ability to resist, eroding leadership will to fight and slowing adversary decision-making. China believes that whichever side has a more networked, integrated and cohesive force will have a shorter OODA loop, be able to act more efficiently, and have a better likelihood of victory. Attacks will take place across all domains to degrade the system as a whole rather than focusing on attrition.

• (U//FOUO/RELIDO) Fragment the Force: Degrade Data-Flow and C2. The PLA prioritizes degrading or denying an adversary’s use of information early in a crisis and with greater intensity through a conflict. The PLA envisions using kinetic and non-kinetic operations to target an opponent’s data links, communications, military networks, and information systems architecture early in the conflict. Degrading adversary communications amplifies the effects of missile and air strikes against command and control (C2) nodes, including command centers, flagships, and military and civilian leadership.

• (U//FOUO/RELIDO) Blind the Enemy. Deny ISR and Early Warning. China will try to degrade adversary decision-making and awareness by targeting its intelligence, surveillance and reconnaissance (ISR) and early warning capabilities, including key space-based collection systems, theater ISR platforms, intelligence centers and satellites.

• (U//FOUO/RELIDO) Own the Initiative: Getting Inside the Adversary OODA Loop. China plans to seize first mover advantage by initiating conflict when the adversary is not prepared. The PLA will try to maintain battlefield initiative by forcing adversaries into a reactive cycle driven by a rapid tempo of unexpected long-range strikes, asymmetric attacks, and harassing attacks.

• (U//FOUO/RELIDO) More Return on Investment: Precision Strikes Enable Outsized Effects. The PLA will rely on highly targeted precision strikes against key links and nodes to achieve an outsized effect on the enemy force’s overall stability and effectiveness. Kinetic precision strikes will be complemented by non-kinetic attacks, especially against adversary networks, datalinks, and information systems.

(U//FOUO/RELIDO) Using the Full Against the Fragmentary, Defeating the Slow with the Rapid. System attacks are designed to enable following operations. Once system attacks have fragmented the adversary military so that it cannot operate as a cohesive force, the PLA will commit its broader intact and networked force to combat. Having tilted the battlefield in its own favor, the PLA will carry out supplemental attacks that ensure the adversary’s system does not recover while gradually attriting the adversary’s aircraft, ships, submarines, and other long-range-strike platforms. Sequencing system attacks first enables the PLA to achieve greater effect with lower risk to its force or mission.

• (U//FOUO/RELIDO) China Expects to Have Its System Targeted Too. China expects that the U.S. will try to degrade the PLA’s ability to operate as a coherent force, having developed the systems attack doctrine described above by watching how the United States fights. The PLA therefore is training and equipping the force to operate independently, autonomously, and resiliently, with a notable emphasis on operating in a complex electromagnetic environment.

(U//FOUO/RELIDO) Aspiration Does Not Equal Capability, but It Signals Intent. In PLA doctrine, the rough sequence of operations enabled by systems attacks would be familiar to U.S. military operators: achieve air superiority, then use air superiority to seize maritime superiority and enable ground operations, then use maritime superiority to execute attacks from the sea to the land. The last part of this sequence is aspirational, since China does not currently field ship-launched land attack cruise missiles and its nascent aircraft carrier program is unable to carry out strike warfare. It is, however, how the PLA says it wants to be able to fight, and its acquisitions and training reflect this ambition. China’s doctrine is reflected in its acquisitions and training patterns today. Tomorrow it will be reflected in its operations. The PLA is progressing rapidly. This is how they will fight.

(U) A Note on Sources:

(U//FOUO) The findings of this paper are derived from China’s most authoritative government and military doctrinal writings: The importance of system of systems confrontation is evident in its inclusion in the 2015 Defense White Paper on Military Strategy. All other details are derived from the 2015 and 2013 editions of the Science of Military Strategy, and from an unclassified 2018 RAND Corporation study, Systems Confrontation and System Destruction Warfare: How the Chinese People’s Liberation Army Seeks to Wage Modern Warfare. General assessments on PLA acquisitions, training and operations are reflected in a wide body of unclassified open source materials from 2000 through the present. For ease of sourcing, we cited the 2017 Department of Defense Annual Report to Congress on Military and Security Developments Involving the People’s Republic of China.

Discussed below are the requirements of each of the three documents comprising a Title III application: the Application, the Affidavit, and the Order. These requirements, which are set forth in 18 U.S.C. § 2518, are applicable to requests to the court for an order authorizing the interception of oral, wire, and/or electronic communications.

28. ELECTRONIC SURVEILLANCE—TITLE III APPLICATIONS

The Application should meet the following requirements:

It must be prepared by an applicant identified as a law enforcement or investigative officer. The application must be in writing, signed by the United States Attorney, an Assistant United States Attorney, and made under oath. It must be presented to a Federal district court or court of appeals judge and be accompanied by the Department’s authorization memorandum signed by an appropriate Department official and a copy of the most recent Attorney General’s Order designating that official to authorize Title III applications. The application may not be presented to a magistrate. See 18 U.S.C. §§ 2510(9) and 2516(1); see also In re United States of America, 10 F.3d 931, 935-38 (2d Cir. 1993).

It must identify the type of communications to be intercepted. “Wire communications” include “aural transfers” (involving the human voice) that are transmitted, at least in part by wire, between the point of origin and the point of reception, i.e., telephone calls. 18 U.S.C. § 2510(1). This includes cellular phones, cordless phones, voice mail, and voice pagers, as well as traditional landline telephones. “Oral communications” are communications between people who are together under circumstances where the parties enjoy a reasonable expectation of privacy. 18 U.S.C. § 2510(2). “Electronic communications” include text messages, email, non-voice computer and Internet transmissions, faxes, communications over digital-display paging devices, and, in some cases, satellite transmissions. Communications over tone-only paging devices, data from tracking devices (as defined by 18 U.S.C. § 3117), and electronic funds transfer information are not electronic communications under Title III. 18 U.S.C. § 2510(12).

It must identify the specific Federal offenses for which there is probable cause to believe are being committed. The offenses that may be the predicate for a wire or oral interception order are limited to only those set forth in 18 U.S.C. § 2516(1). In the case of electronic communications, a request for interception may be based on any Federal felony, pursuant to 18 U.S.C. § 2516(3).

It must provide a particular description of the nature and location of the facilities from which, or the place where, the interception is to occur. An exception to this is the roving interception provision set forth in 18 U.S.C. § 2518(11)(a) and (b). The specific requirements of the roving provision are discussed in JM 9-7.111. Briefly, in the case of a roving oral interception, the application must show, and the court order must indicate, that it is impractical to specify the location(s) where oral communications of a particular named subject are to be intercepted. 18 U.S.C. § 2518(11)(a)(ii) and (iii). In the case of a roving wire or electronic interception, the application must state, and the court order must indicate, that a particular named subject’s actions could have the effect of thwarting interception from a specified facility. 18 U.S.C. § 2518(11)(b)(ii) and (iii). The accompanying DOJ document authorizing the roving interception must be signed by an official at the level of an Assistant Attorney General (including Acting AAG) or higher. 18 U.S.C. § 2518(11)(a)(i) and (b)(i). Further guidance on roving interceptions may be found on the DOJNet site of the Electronic Surveillance Unit (ESU), Office of Enforcement Operations (OEO).

It must identify, with specificity, those persons known to be committing the offenses and whose communications are to be intercepted. In United States v. Donovan, 429 U.S. 413, 422-32 (1977), the Supreme Court held that 18 U.S.C. § 2518(1)(b)(iv) requires the government to name all individuals whom it has probable cause to believe are engaged in the offenses under investigation, and whose conversations it expects to intercept over or from within the targeted facilities. It is the Criminal Division’s policy to name as subjects all persons whose involvement in the alleged offenses is indicated, even if not all those persons are expected to be intercepted over the target facility or at the target location.

It must contain a statement affirming that normal investigative procedures have been tried and failed, are reasonably unlikely to succeed if tried, or are too dangerous to employ. 18 U.S.C. § 2518(1)(c). The applicant may then state that a complete discussion of attempted alternative investigative techniques is set forth in the accompanying affidavit.

It must contain a statement affirming that the affidavit contains a complete statement of the facts—to the extent known to the applicant and the official approving the application—concerning all previous applications that have been made to intercept the oral, wire, or electronic communications of any of the named subjects or involving the target facility or location. 18 U.S.C. § 2518(1)(e).

In an oral (and occasionally in a wire or electronic) interception, it must contain a request that the court issue an order authorizing investigative agents to make all necessary surreptitious and/or forcible entries to install, maintain, and remove electronic interception devices in or from the targeted premises (or device). When effecting this portion of the order, the applicant should notify the court as soon as practicable after each surreptitious entry.

When requesting the interception of wire communications over a cellular telephone, it should contain a request that the authorization and court order apply not only to the target telephone identified therein, but also to: 1) any change in one of several potential identifying numbers for the phone, including the electronic serial number (ESN), International Mobile Subscriber Identity (IMSI) number, International Mobile Equipment Identification (IMEI) number, Mobile Equipment Identifier (MEID) number, or Urban Fleet Mobile Identification (UFMI) number; and 2) any changed target telephone number when the other identifying number has remained the same. Model continuity language for each type of identifier may be obtained from ESU. With regard to a landline phone, it should request that the authorization and court order apply not only to the target telephone number identified therein, but also to any changed telephone number subsequently assigned to the same cable, pair, and binding posts used by the target landline telephone. No continuity language should be included when the target telephone is a Voice Over Internet Protocol (VoIP) phone. The application should also request that the authorization apply to background conversations intercepted in the vicinity of the target phone while the phone is in use. See United States v. Baranek, 903 F.2d 1068, 1070-72 (6th Cir. 1990).

It must contain, when concerning the interception of wire communications, a request that the court issue an order directly to the service provider, as defined in 18 U.S.C. § 2510(15), to furnish the investigative agency with all information, facilities, and technical assistance necessary to facilitate the ordered interception. 18 U.S.C. § 2511(2)(a)(ii). The application should also request that the court direct service providers and their agents and employees not to disclose the contents of the court order or the existence of the investigation. Id.

For original and spinoff applications, it should contain a request that the court’s order authorize the requested interception until all relevant communications have been intercepted, not to exceed a period of thirty (30) days from the earlier of the day on which the interception begins or ten (10) days after the order is entered. 18 U.S.C. § 2518(5). For extensions, it should contain a request that the thirty-day period be measured from the date of the court’s order.

It should contain a statement affirming that all interceptions will be minimized in accordance with Chapter 119 of Title 18, United States Code, as described further in the affidavit. 18 U.S.C. § 2518(5).

[updated October 2012]

29. ELECTRONIC SURVEILLANCE—TITLE III AFFIDAVITS

The Affidavit must meet the following requirements:

It must be sworn and attested to by an investigative or law enforcement officer as defined in 18 U.S.C. § 2510(7). Criminal Division policy requires that the affiant be a member of one of the following agencies: FBI, DEA, ICE/HSI, ATF, U.S. Secret Service, U.S. Marshals Service, or U.S. Postal Inspection Service. Criminal Division policy precludes the use of multiple affiants except when it is indicated clearly which affiant swears to which part of the affidavit, or states that each affiant swears to the entire affidavit. If a State or local law enforcement officer is the affiant in a Federal electronic surveillance affidavit, the enforcement officer must be deputized as a Federal officer of the agency responsible for the offenses under investigation. 18 U.S.C. § 2516(1).

It must identify the target subjects, describe the facility or location that is the subject of the proposed electronic surveillance, and list the alleged offenses. 18 U.S.C. § 2518(1). If any of the alleged offenses are not listed predicate offenses under 18 U.S.C. § 2516(1), that fact should be noted.

It must establish probable cause that the named subjects are using the targeted facility or location to commit the stated offenses. Any background information needed to understand fully the instant investigation should be set forth briefly at the beginning of this section. The focus, however, should be on recent and current criminal activity by the subjects, with an emphasis on their use of the target facility or location. This is generally accomplished through information from a confidential informant, cooperating witness, or undercover agent, combined with pen register or telephone toll information for the target phone or physical surveillance of the target premises. Criminal Division policy requires that the affidavit demonstrate criminal use of the target facility or premises within six months from the date of Department approval. For wire communications, where probable cause is demonstrated by consensually recorded calls or calls intercepted over another wiretap, the affidavit should include some direct quotes of the calls, with appropriate characterization. Criminal Division policy dictates that pen register or telephone toll information for the target telephone, or physical surveillance of the targeted premises, standing alone, is generally insufficient to establish probable cause. Generally, probable cause to establish criminal use of the facilities or premises requires independent evidence of use of the facilities or premises in addition to pen register or surveillance information, often in the form of informant or undercover information. It is preferable that all informants used in the affidavit to establish probable cause be qualified according to the “Aguilar-Spinelli” standards (Aguilar v. Texas, 378 U.S. 108 (1964) and Spinelli v. United States, 393 U.S. 410 (1969)), rather than those set forth in the Supreme Court decision of Illinois v. Gates, 463 U.S. 1237 (1983).
Under some circumstances, criminal use of the target facility within six months of Department approval may be established in the absence of consensually recorded communications or prior interceptions when use of the phone may be tied to a significant event, such as a narcotics transaction or a seizure, through phone records. In addition to criminal use within six months, the affidavit must also show recent use of the facility or premises within 21 days from the date on which the Department authorizes the filing of the application. For wire and electronic communications, the affidavit must contain records showing contact between the facility and at least one other criminally relevant facility that demonstrates necessity for the wiretap within 21 days of Department approval. The affidavit must clearly and specifically demonstrate how the other facility is criminally relevant and state the date range for the contacts and the date of the most recent contact. The date range for all pen register/phone records data must be updated to within 10 days of submission to OEO. For extension requests, the affidavit should include some direct quotes of wire communications (and/or electronic communications, if applicable), with appropriate characterization, including one from within seven days of Department approval, or an explanation of the failure to obtain such results and the continued need to conduct interceptions. (When the application requests authorization to intercept oral communications within a location, it is often helpful to include a diagram of the target location as an attachment to the affidavit.)

It must explain the need for the proposed electronic surveillance and provide a detailed discussion of the other investigative procedures that have been tried and failed, are reasonably unlikely to succeed if tried, or are too dangerous to employ. 18 U.S.C. § 2518(1)(e). This is to ensure that highly intrusive electronic surveillance techniques are not resorted to in situations where traditional investigative techniques would suffice to expose the crime. United States v. Kahn, 415 U.S. 143 (1974). It need not be shown that no other investigative avenues are available, only that they have been tried and proven inadequate or have been considered and rejected for reasons described. See, e.g., United States v. Foy, 641 F.3d 455, 464 (10th Cir. 2011); United States v. Cartagena, 593 F.3d 104, 109-111 (1st Cir. 2010); United States v. Concepcion, 579 F.3d 214, 218-220 (2d Cir. 2009). There should also be a discussion as to why electronic surveillance is the technique most likely to succeed. When drafting this section of the affidavit, the discussion of these and other investigative techniques should be augmented with facts particular to the specific investigation and subjects. General declarations and conclusory statements about the exhaustion of alternative techniques will not suffice.

It is most important that this section be tailored to the facts of the specific case and be more than a recitation of “boiler plate.” The affidavit must discuss the particular problems involved in the investigation in order to fulfill the requirement of 18 U.S.C. § 2518(1)(c). The affidavit should explain specifically why other normally utilized investigative techniques, such as physical surveillance or the use of informants and undercover agents, are inadequate in the particular case. For example, if physical surveillance is impossible or unproductive because the suspects live in remote areas or will likely be alerted to law enforcement presence (by counter-surveillance or other means), the affidavit should set forth those facts clearly. If the informants refuse to testify or cannot penetrate the hierarchy of the criminal organization involved, the affidavit should explain why that is so in this particular investigation. If undercover agents cannot be used because the suspects deal only with trusted associates/family, the affidavit must so state and include the particulars. Conclusory generalizations about the difficulties of using a particular investigative technique will not suffice. It is not enough, for example, to state that the use of undercover agents is always difficult in organized crime cases because crime families, in general, deal only with trusted associates. While the affidavit may contain a general statement regarding the impossibility of using undercover agents in organized crime cases, it must also demonstrate that the particular subject or subjects in the instant case deal only with known associates. The key is to tie the inadequacy of a specific investigative technique to the particular facts underlying the investigation. See, e.g., Foy, 641 F.3d at 464; United States v. Blackmon, 273 F.3d 1204, 1210-1212 (9th Cir. 2001); United States v. Uribe, 890 F.2d 554 (1st Cir. 1989).

It must contain a full and complete statement of any known previous applications made to any judge (federal, state, or foreign) for authorization to intercept, or for approval of interceptions of, wire, oral, or electronic communications involving any of the same persons, facilities, or places specified in the application. This statement should include the date, jurisdiction, and disposition of previous applications, as well as their relevance, if any, to the instant investigation. All relevant electronic surveillance (“ELSUR”) databases must be checked, including that of the agency conducting the investigation. In narcotics investigations, Criminal Division policy provides that the DEA, FBI, and ICE databases be searched. In investigations involving firearms offenses, ATF ELSUR databases should be checked. In joint investigations, all participating agencies’ databases should be checked; in all other cases when it is likely that more than one agency may have investigated the subjects, multiple indices checks should likewise be made. It is recommended that all ELSUR searches be updated to within 45 days of submission of an application to OEO. The duty to disclose prior applications under 18 U.S.C. § 2518(1)(e) covers all persons named in the application, and not just those designated as “principal targets.” United States v. Bianco, 998 F.2d 1112 (2d Cir. 1993).

It must contain a statement of the period of time for which the interception is to be maintained. The statute provides that an order may be granted for not more than thirty days or until the objectives of the investigation are achieved, whichever occurs first. 18 U.S.C. § 2518(5). If the violations are continuing, facts sufficient to justify interception for the full thirty-day period must be provided, or the court may order monitoring to cease once initial, criminal conversations are intercepted. This may be accomplished by showing, through informant or undercover investigation, pen register analysis, physical surveillance, or other law enforcement investigation, that a pattern of criminal activity exists and is likely to continue. If it is clear that the interceptions will terminate after a limited number of days, then the time requested should also be so limited in accordance with the facts of the case.

The statute also provides for a ten-day grace period, before the thirty-day period begins to run. 18 U.S.C. § 2518(5). This statutory grace period allows for delays by the service provider in establishing interception capability. The ten-day grace period applies only to the initial installation of equipment or establishment of interceptions, and may not be used in an extension application, or in an original application when the equipment is already installed.

Some courts have consulted Rule 45 of the Federal Rules of Criminal Procedure for guidance on the method to calculate the thirty-day period under the statute, and have held that the thirty-day period begins to run on the date after the order was signed, even if the interception started on the same day that it was signed. See United States v. Smith, 223 F.3d 554, 575 (7th Cir. 2000); United States v. Villegas, 1993 WL 535013, at *11-12 (S.D.N.Y. Dec. 22, 1993); United States v. Gerena, 695 F. Supp. 649, 658 (D. Conn. 1988); United States v. Sklaroff, 323 F. Supp. 296, 317 (S.D. Fla. 1971); but see United States v. Gangi, 33 F. Supp. 2d 303, 310-11 (S.D.N.Y. 1999); United States v. Pichardo, 1999 WL 649020, at *3 (S.D.N.Y. Aug. 25, 1999). In an abundance of caution, however, OEO recommends that the thirty-day period be calculated from the date and time that the order is signed. OEO further suggests that an applicant adhere to established practice regarding the calculation of the thirty-day period in the applicant’s particular district.

It must contain a statement affirming that monitoring agents will minimize all non-pertinent interceptions in accordance with Chapter 119 of Title 18, United States Code, as well as additional standard minimization language and other language addressing any specific minimization problems (e.g., steps to be taken to avoid the interception of privileged communications, such as attorney-client communications) in the instant case. (18 U.S.C. § 2518(5) permits non-officer government personnel or individuals acting under contract with the government to monitor conversations pursuant to the interception order. These individuals must be acting under the supervision of an investigative or law enforcement officer when monitoring communications, and the affidavit should note the fact that these individuals will be used as monitors pursuant to 18 U.S.C. § 2518(5).)

When communications are intercepted that relate to any offense not enumerated in the authorization order, the monitoring agent should report it immediately to the Assistant United States Attorney, who should notify the court at the earliest opportunity. Approval by the issuing judge should be sought for the continued interception of such conversations. While 18 U.S.C. § 2517(1) and (2) permit use or disclosure of this information without first obtaining a court order, 18 U.S.C. § 2517(5) requires a disclosure order before the information may be used in any proceeding (e.g., before a grand jury).

All wire and oral communications must be minimized in real time. The statute permits after-the-fact minimization for wire and oral communications only when the intercepted communications are in code, or in a foreign language when a foreign language expert is not reasonably available. 18 U.S.C. § 2518(5). In either event, the minimization must be accomplished as soon as practicable after the interception. Such after-the-fact minimization can be accomplished by an interpreter who listens to and minimizes the communications after they have been recorded, giving only the pertinent communications to the supervising agent. The process utilized must protect the suspect’s privacy interests to approximately the same extent as would contemporaneous minimization, properly applied. United States v. David, 940 F.2d 722 (1st Cir. 1991); United States v. Simels, 2009 WL 1924746, at *6-*9 (E.D.N.Y. Jul. 2, 2009). After-the-fact minimization provisions should be applied in light of the “reasonableness” standard established by the Supreme Court in United States v. Scott, 436 U.S. 128 (1978).

After-the-fact minimization is a necessity for the interception of electronic communications, such as those in the form of text messages, email, or faxes. In such cases, all communications should be recorded and then examined by a monitoring agent to determine their relevance to the investigation. Further dissemination is then limited to those communications by the subjects or their confederates that are criminal in nature. Further guidance regarding the minimization of text messages may be found on ESU’s DOJNet site.

A judge may only enter an order approving interceptions “within the territorial jurisdiction of the court in which the judge is sitting (and outside that jurisdiction but within the United States in the case of a mobile interception device authorized by a Federal court within such jurisdiction).” 18 U.S.C. § 2518(3). Interceptions occur at the site of the target facility or location and at the site where the communications are first heard/reviewed and minimized (e.g., the wire room). United States v. Rodriguez, 968 F.2d 130, 136 (2d Cir. 1992); see also United States v. Luong, 471 F.3d 1107, 1109 (9th Cir. 2006); United States v. Denman, 100 F.3d 399, 403 (5th Cir. 1996).

Department policy requires that a Title III order be obtained in the district where the wireroom is located. This policy change is intended to ensure that all Title III interceptions occur within the territorial jurisdiction of the authorizing court, as required by 18 U.S.C. § 2518(3). Use of a regional wireroom will only be considered in exceptional circumstances, and must be discussed with the reviewing ESU attorney on a case-by-case basis.

In cases involving interceptions over a stationary facility or at a fixed location, the order may be obtained in the district where the target facility or location is located.

30. ELECTRONIC SURVEILLANCE—TITLE III ORDERS

The Order must meet the following requirements:

The authorizing language of the order should mirror the requesting language of the application and affidavit, stating that there is probable cause to believe that the named subjects are committing particular Title III predicate offenses (or, in the case of electronic communications, any Federal felony), that particular communications concerning those offenses will be obtained through interception, and that normal investigative techniques have been tried and have failed, or are reasonably unlikely to succeed if tried, or are too dangerous to employ. 18 U.S.C. § 2518(3) and (4). The court then orders (again tracking the language of the application and affidavit) that agents of the investigative agency are authorized to intercept wire, oral, or electronic communications over the described facility or at the described premises. Id. The order should also contain language specifying the length of time the interception may be conducted, and, if necessary, authorizing surreptitious and/or forcible entry to effectuate the purpose of the order. Id. The order may also contain language mandating the government to make periodic progress reports (pursuant to 18 U.S.C. § 2518(6)), and ordering the sealing of those as well as the order, application and affidavit. In the case of a roving interception, the court must make a specific finding that the requirements of 18 U.S.C. § 2518(11)(a) and/or (b) have been demonstrated adequately. Any other special requests, such as enforceability of the order as to changed service providers without further order of the court, should also be authorized specifically in the order.

The court should also issue a technical assistance order to the communications service provider. 18 U.S.C. § 2518(4). This is a redacted order that requires the telephone company or other service provider to assist the agents in effecting the electronic surveillance. OEO does not review redacted service provider orders. An order to seal all of the pleadings should also be sought at this time.

The Application, Affidavit, and Order should be sent via email to OEO at ESU.Requests@usdoj.gov. Submissions must include a completed Title III cover sheet that includes the signature of a supervising attorney who reviewed and approved the Title III papers. Criminal Division policy requires that all Title III submissions be approved by a supervising attorney other than the attorney submitting the application. That supervisory attorney must sign the Title III cover sheet, demonstrating that he or she has reviewed the affidavit, application, and draft order included in the submission packet, and that, in light of the overall investigative plan for the matter, and taking into account applicable Department policies and procedures, he or she supports the request and approves of it. The Title III cover sheet, with a space for the supervisor’s signature, may be found on ESU’s DOJNet site.

Spinoff requests (e.g., additional applications to conduct electronic surveillance over a new facility or at a new location in the same investigation) and extension requests are reviewed in the same manner as described above. While the exigencies of investigative work occasionally make the normally required lead time impossible, the timeliness with which an application is reviewed and authorized is largely under the control of the Assistant United States Attorney handling the case. When coordinating an investigation or planning extension requests, it is important to allow sufficient time for the Title III application to be reviewed by OEO. OEO strongly recommends that extension requests be submitted up to a week in advance of the date on which the interception period expires.

Questions or requests for assistance may be directed to ESU at (202) 514-6809. Sample Title III forms are available by email from ESU or on ESU’s DOJNet site.

In the last seven years, Russia has reasserted itself as a military force in Eastern Europe and the Caucasus. With the 2008 military incursion into Georgia and the 2014 seizure of Crimea and support for pro-Russian separatists in Ukraine, Russia has assumed a more aggressive, interventionist stance in Europe. In the effort to influence events in Ukraine, the Russians have used what the US Army defines as “Hybrid Warfare” to infiltrate, isolate, and dominate eastern Ukraine and Crimea. This is all a part of the strategy of what can be called “Indirect Action”—the belief by the Russians that they reserve the right to protect ethnic Russians and interests in their former states from domination by Western powers and NATO.

It is important to note that the Russians do not use the terms Hybrid Warfare or Indirect Action to describe these tactics. These are terms that the Western media, think tanks, and analysts have developed to define this method of warfare. The Russians have used terms such as indirect, asymmetrical, and non-linear when discussing what is commonly referred to as Hybrid Warfare. Hybrid Warfare is a part of the strategy/policy of what can be called Indirect Action that the Russians believe is essential to protect their interests in their former satellite states (referred to as “the near abroad”). To the Russians, using covert methods, information warfare (INFOWAR), and special operations troops to make up for conventional disadvantages has been the norm for decades. Because the terms Hybrid Warfare and Indirect Action are familiar, they will be used throughout this report in reference to Russian indirect, asymmetrical, and nonlinear tactics.

This Threat Tactics Report (TTR) will focus on three distinct operations—Georgia in 2008, Crimea in 2014, and eastern Ukraine in 2014–2015. The TTR will present and analyze the tactics used in these conflicts, the lessons learned, and adjustments made by the Russian Armed Forces.

Executive Summary

The Russians have employed Hybrid Warfare and Indirect Action to counter NATO and Western influence for over seventy years.
Hybrid Warfare is the use of political, social, criminal, and other non-kinetic means employed to overcome military limitations.[1]
Indirect Action can be defined as the need for Russia to defend its interests and sphere of influence in its former states and satellites.
Although Western observers characterize the actions of Russian Armed Forces as hybrid warfare, the Russian Army practices its long-established tactics with new attention to advanced developments in many areas such as precision weapons, command and control (C2) and intelligence surveillance and reconnaissance (ISR), and electronic warfare (EW), and including direct and indirect application of these. The nature of these tactics is derived from Russia’s focused assessment of specific neighborhood threats and its long-time focus on security superiority in its Near Abroad.
Russia continues to maintain military bases in its former states to exert influence and control.
The Russians used conventional tactics in Georgia in 2008 and used indirect and asymmetric approaches in Crimea in 2014 and eastern Ukraine in 2014-2015.
The Euromaidan protests and overthrow of the Yanukovych government triggered the Russian incursion into Crimea and the seizure of the naval base at Sebastopol.
Russian intelligence operatives and SPF were instrumental in the success of the Crimea operation and are now assisting pro-Russian separatists in eastern Ukraine.
Russia may use these tactics in other areas such as Moldova, Transnistria, and the Baltic states.
…

…

Crimean Takeover: Operational Overview

Crimea has long sought its independence from Ukraine because of its protracted association with Russia and the people’s desire to rejoin the Russian Federation. Crimea had become the home to a large ethnic Russian population, many of whom had served in the Soviet/Russian military. As far back as February 1994, Crimean politicians would make speeches declaring the Crimeans not only sought separation from Ukraine, but also a unification of Crimea with Russia. When Yuriy Meshkov won the first and only independent Crimean presidential election in 1994 with 73% of the votes, he stated, “In spirit, the Crimean people have been and remain part of Russia.” During the next couple of years, Ukrainian marines took possession of a number of naval facilities on Crimea, evicted the pro-Russian political leaders in Crimea, and ended the short-lived independent Crimea on 17 March 1995. With protests from Moscow, this eventually led to the 1997 treaty that divided the Russian naval facilities between the two countries and allowed for the Russians to maintain a military presence in Crimea, primarily to support the Russian navy’s Black Sea Fleet. One of the most overlooked clauses in the agreement which allowed the February/March 2014 events to take place was the section that permitted Russian forces to implement not only security measures at their own permanent bases in Crimea, but to provide security for their own forces during deployment and redeployment movements to and from Russia. In the early stages of the crisis in late February 2014, this very minor clause in the treaty allowed the Russian military to move initially around Crimea without interference by any Ukrainian military personnel under the guise of the movement authorized by the military agreement between the two countries.

The Russian military launched their operation in Crimea less than a week after Ukrainian President Viktor Yanukovych signed an agreement with the opposition political leaders on 21 February 2014 that confirmed early presidential elections would take place by the end of the year, ensured a national unity government would be created within a month, and guaranteed Ukraine would return to its 2004 constitution. Yanukovych then fled Kiev within 24 hours, however, instead of remaining in Ukraine to abide by the agreement. The timing also coincided with the scheduled military maneuvers in the Russian Central and Western Military Districts that obscured the Russian troop movements into the peninsula. The map in Figure 8 indicates the various activities from unclassified sources that took place in Crimea between the night of 27 February 2014 and 25 March 2014, when the Ukrainian government pulled its military forces from Crimea and ceded control of the peninsula to the Crimean “defense forces” backed by Russian military forces.

A North Korean regular infantry division is the most likely type of division a US unit would face on the Korean peninsula. While the Korean People’s Army (KPA) fields armor and mechanized units, the number of regular infantry units far exceeds the other types (pg 3).
KPA offensive operations include the heavy use of artillery with chemical munitions; a primary focus of attacks on combat support (CS), combat service support (CSS), and command and control (C2) units; and deep operations conducted by KPA special-purpose forces (SPF) (pgs 3–4, 11–16, 21–23).
KPA defensive operations focus on the elimination of enemy armor through the heavy use of artillery; battalion, regiment, and division antitank kill zones; and the use of counterattack forces at all levels above battalion-sized units (pgs 16–19, 23–26).
While US forces will face KPA conventional infantry to their front, KPA SPF will initiate offensive operations in the US/South Korean rear areas to create a “second front” (pgs 15–16).
KPA regular forces and SPF will remain in place to conduct stay-behind annihilation ambushes on CS, CSS, and C2 units passing through the passed unit’s area of operations (pg 25).
The KPA divisions are already prepared to fight US and Republic of Korea (ROK) forces today. The vehicles and equipment may be different in the future, but their tactics and techniques will be similar to those used today (pgs 10–26).
Since 2003, the KPA has created seven divisions that are specialized to operate in urban and mountain terrain using irregular warfare techniques. It is expected that the KPA will use several techniques deemed successful in Afghanistan and Iraq against US/ROK forces (pg 20).
TRADOC G-2 ACE Threats Integration (ACE-TI) is the source of the threat tactics series of products. The Threat Tactics Report: North Korea versus the United States (US) and the other similar products serve to describe the foreign nation’s most common combat division with an order of battle, its offensive and defensive doctrine as articulated in its manuals or recent military actions, and an analysis of how this actor would fight if facing the US in the future.

This document is intended primarily for US Army training organizations, but will be applicable across the wider community of US Army Combatant Commands, Army Service Component Commands, and allied partners.

…

North Korean Infantry Division Major Weapon Systems

The KPA uses a variety of primarily Tier 2, 3, and 4 equipment in its units, as it rarely disposes of any weapons. The best units receive new(er) weapons and their systems are then cascaded through the lower-quality units. Some of the KPA’s weapons and vehicles date back to World War II. Units will attempt to field the same type of weapon systems to reduce logistical issues. The following are some of the major weapons found in a KPA infantry division or infantry regiment.

…

The KPA prefers the offense over the defense and will stay on the defensive only until it can gather the strength to attack again. The KPA will attempt to avoid US/ROK combat units and will attempt to attack CS, CSS, and C2 units and vulnerable high-value targets in the rear areas in order to reduce the effectiveness of the US/ROK combat units. With assistance in creating a second front via the KPA SPF making these attacks in the US/ROK rear areas, the KPA believes the US/ROK combat units will become combat ineffective, making them vulnerable to KPA follow-on forces.

When forced to go on the defensive the KPA will concentrate its efforts in eliminating its enemy’s tanks. Any units bypassed by enemy forces are directed to continue to fight as a unit or, if the unit becomes combat ineffective, the soldiers are expected by their leaders to continue resistance by conducting irregular warfare operations against any enemy units in their area. Prepared UGFs exist throughout North Korea, especially within 50 miles of the DMZ. If forced on the defensive in these areas, the KPA will fight from these previously prepared positions.

US/ROK units will face intense indirect fire including chemical munitions, conventional KPA units to their front, and SPF elements in their rear areas. US/ROK units will need to simultaneously defeat the KPA divisions attacking their combat units, while defending all units from KPA SPF or stay-behind forces in their rear areas.

The idea of invisibility has fascinated people for millennia, inspiring many myths, novels, and films. Invisibility cloaking has recently become a subject of science and technology. This paper describes the important current theoretical and experimental developments and tries to project into the future.

Camouflage

Invisibility may be achieved through three principal methods: camouflage, transparency, and cloaking. Many animals and some plants use camouflage to disguise themselves from predators, for example by assuming the shapes and colors of objects in their surroundings. The military has long used forms of camouflage; a recent military application of camouflage is stealth technology.

Stealth planes have aerodynamically unusual, edgy shapes and are coated with a special material. Both features serve the same purpose: to make the plane “invisible” to radar. How does it work? In radar, electromagnetic microwaves are emitted by a source, and their reflection by an object (an airplane, for example) is detected. From the direction and the time delay of the reflected waves, the direction and distance of the object are inferred. If the object does not reflect the electromagnetic microwaves back to the source, it will not appear on the radar. This is precisely what stealth technology achieves. Owing to the edgy shape of the stealth plane, most of the incident electromagnetic waves are reflected in different directions; the coating of the plane absorbs the rest. In this way, the stealth plane has become completely black in the spectral range of radar. As for radar waves, the sky is black, not blue, and the plane has assumed the color of the background: the stealth plane is camouflaged.

…

…

Optical Metamaterials

As light is simply an electromagnetic wave with shorter wavelengths than microwave radiation, one could imagine an optical cloaking device as the microwave cloak but with much smaller cells, fitted to the smaller wavelength. However, this simple idea is too simple, for two different reasons. One is that metals like the copper of the circuit board or the gold of ruby glass are more electrically resistant to currents oscillating with the frequency of visible light than to currents in the microwave range of the spectrum. Second, and more important, the cells of a metamaterial also emit electromagnetic radiation in an incoherent way, not just as a coherent response to the incoming electromagnetic wave, similar to the spontaneous emission of light by atoms and molecules. The spontaneous emission is significantly stronger in the optical range of the spectrum. In short, metamaterials do not scale; they must be designed differently for visible light, and the loss of light by absorption and incoherent scattering usually is greater for visible light than for microwaves. Figure 13 below illustrates the idea [19] for an optical cloaking metamaterial. Instead of split-ring resonators, nano-scale metal wires are embedded in a transparent host material, for example glass. The wires replace the split-ring resonators on the circuit board of the microwave-cloaking device. They act similarly to the gold particles embedded in ruby glass; their optical properties depend on their lengths and on their arrangement, which, in principle, can be tailor-made and controlled using the tools of modern nanotechnology. The thin wires will have lower electric losses than split-ring resonators, and their radiation losses by the equivalent of spontaneous emission are reduced as well. Such optical cloaking devices do not yet exist, but one can gauge the progress in the required technology by considering the progress in negatively refracting optical materials.

The Department of Defense (DoD) performs forensic science in a collaborative environment which necessitates the clear communication of all activities and their results. A critical enabler of communication is the use of a clear, internally consistent vocabulary.

1.1 Purpose

The goal of the Department of Defense Forensics Lexicon is to provide an operational vocabulary to address Forensics. A shared vocabulary enables a common understanding of Forensics, enhances the fidelity and the utility of operational reporting, facilitates structured data sharing, and strengthens the decision making processes across the DoD.

1.2 Scope

This lexicon encompasses the broad spectrum of scientific disciplines, processes, and equipment associated with performing forensic activities. Additional terms include those related to the programmatic support domains (e.g., doctrine, policy, standards, and accreditation) which enable forensic activity within the DoD.

Excluded from this lexicon are terms and definitions that describe the various types of Improvised Explosive Devices (IEDs) and the specific components of IEDs, as those have been previously defined in other well established lexicons.

1.3 Approach

This Department of Defense Forensics Lexicon was authored by subject matter experts from key organizations and agencies engaged in the full range of forensic activities and the personnel that provide programmatic support to those experts. It was then staffed multiple times across the Defense Forensics Enterprise in order to obtain support and consensus.

UASs provide malicious actors an additional method of gaining proximity to networks and equipment within critical infrastructure sectors. Malicious actors could then use the proximity provided by a UAS to wirelessly exploit unsecured systems and extract information from systems they cannot otherwise access remotely or may not be able to access due to range limitations. This includes networks and devices within secured buildings, as well as networks and devices behind fencing and walls.

UASs can also allow a malicious actor to wirelessly exploit vulnerabilities from a distance (figure 1). The prevalent ownership and operation of UASs by the general public, the distance from which UAS can be operated, and a lack of tracking data can also provide malicious actors a level of anonymity that otherwise may not be available. UASs, in particular UASs, are typically more difficult to detect than a malicious actor attempting to trespass beyond physical barriers.

…

UAS FOR WIRELESS SYSTEM EXPLOITATION

Malicious actors could utilize UASs in order to wirelessly exploit access points and unsecured networks and devices. This can include using UASs in order to inject malware, execute malicious code, and perform man-in-the-middle attacks. UASs can also deliver hardware for exploiting unsecured wireless systems, allowing malicious actors persistent access to the wireless system until the hardware is detected or runs out of power. While OCIA does not know of a confirmed incident utilizing UASs to exploit wireless systems, researchers have demonstrated this capability.

…

MALICIOUS ACTORS CAN EXPLOIT COMPROMISED UAS

While UASs can be used as a tool for an attacker, they are also vulnerable to exploitation. Many commercial UAS variations, for example, currently communicate with ground stations and operators using unencrypted feeds. This can allow a malicious actor to intercept and review data sent to and from the UAS.